Hello IA consultants out there! If you’ve benchmarked/baseline Key report testing, ITACs/ITGCs, please share your thoughts. 1) what was your rationale behind this? 2) how did you convince management and external auditors this is the way to go 3) how many hours per control or key reports was saved? What was the % of total hours saved? 4) how did you ensure your audit fees were not reduced due to the hours saved?

like
Posting as :
works at
You are currently posting as works at

For key report testing, I have looked at the scripts that are used to run the reports. If there has been no change to the script for years, we have been able to persuade all parties that the report can be benchmarked. The first year you benchmark, you still have to go through the full testing process but after that, you can just confirm that the script is unchanged year over year.

like

Thanks for your response and example. Does this procedure apply to all types of key reports (standard vs. third party vs. custom) or are there different procedures you’ll perform based on the type of report? This is a “new” SEC company going into its 4th year of SOX testing. How established does the company SOX program have to be to determine the script have not changed year over year?

Benchmarking guidelines have gotten really strict lately with the increased focus on completeness and accuracy considerations. Overall, if you can prove that underlying code/logic of the setup of the report hasn’t changed, you can continue to leverage the testing done the first time for three years. The only benefit is that you don’t need to test the code logic again once you baseline it. But you still need to test the front end parameters applied and check that the output wasn’t modified etc. so not too much savings

like

I’m new to the firm and kinda asked around and there isn’t a guideline. I’m also not an IT auditor so just trying to gather as much info as I can before i speak with the IT folks who actually do the work.

Can you elaborate a bit more on what you mean by benchmarking or baselining KRs, ITACs, or ITGCs?

Obtaining a change management log for the systems involved and relying on PY testing - which will be used as the baseline year - for the next 3 or so years as long as there’s been no changes to the system logic

Related Posts

I'm thinking of entering the show The Ultimatum marry or move on

like

Hello, we've recently started a community focused on FAANG Interview preps. Wondering what kind of content people might be interested to see in such communities.

like

How strict is Jio background verification?? My wife has not shown her previous company in CV and now HR has asked to share last 3 months salary slip to release offer letter. Is it fine if she skip this company??

I have heard there is some HR policy that boomerang/ returning employees are taken back on the older salary. Can someone please share more details about the period of applicability and exceptions? Thank you.

like

Anyone there ?

like

Hi All,

Currently I'm working as a Software developer in UST Global with 5 years of experience. I'm planning to make a career switch to a Management role. I'm doing my MBA course from IMT, Ghaziabad and Liverpool Business School through Upgrad platform.

Is it worth doing it. Will I get a job after my MBA course on a good pay scale. Your valuable inputs are needed.

Thank you.

like

This bowl is dead!
Leaving 😬

like

Any insight into Jackson Lewis NYC office? Compensation, billable hours, WLB? I would be a 2-3 year

like

Barber recs in Manhattan that can do a nice fade and scissor cut?

like

Round or exact numbers on banners/LPs? I was curious about this since in negotiations for example or pricing it's better to have the exact number. But if you have a case study, for example, is it better to say "Client X increased their revenue to 1,000,000 ARR" instead of "Client X increased their revenue to 987,500 ARR" ? Anyone has seen any impact on conversion rates?

like

I can use a drink

like

Through a lot of comp discussions I heard a lot of talk of “making you whole” when things get better. Am I drinking the kool-aid by believing this? Is this just meant to prevent further questions that the firm does not know the answer to?

like

I got an offer from Natwest. My current company is accenture and they are offering me to promote as an assoc manager if i take my resignation back. Shall i consider it? What whould i prefer Nat west or promotion in Accenture. How much hike accenture gives while promoting? Any inputs?

likehelpful

Hello All,

What exactly say to HR on call for counter offer negotiation. Any sample would be helpful, having a hard time to find the right words as the right choice of words is crucial here.

Need to talk to HR tomorrow. Looking forward to your answers.

Much Thanks.

like

What is something your government could implement to make your work easier/more productive?

like

Can anyone provide referral for UBS ?

What is the maximum salary Wipro can offer to 4 YOE. Designation - Consultant Wipro

like

For the past 2-3 years, I have obsessively tracked my net worth/income trends/investment performance over time. I checked my trends just now, and OMG I hit the 300k net worth mark right around Christmas. I guess I haven’t looked at my dashboard for a month. This feels so cool. I want to shout it from the roof! I can’t really brag about this to my friends, so I’m sharing here! 🎉 🎉

like

Additional Posts in Risk Assurance

Do you audit users with Sudo access and a log of sudo activity or just users with access to sudo?

like

Identifying a common process, what does this even mean 😩 please help.

like

What’s your worst experience with a senior? (As an associate)

How is IT audit at Baker Tilly? Looking to change from a big 4.

like

Mid year promotions, I found out you need to make your own case for it rather than the firm coming to you. If you think you’re ready make sure you speak up!

Crowe is hiring for quite a few positions across the US (Internal Audit, IT controls and cyber/digital security, Compliance,etc)… I’m a manager and would think some of these niche areas have great opportunity for new folks to excel rather quickly. Great flexibility and mobility policies. I’d be happy to chat if interested and get you directly in touch with the right people internally.

likefunny

Anyone hiring for entry level risk compliance roles?

like

Is anyone here in KPMG’s CRM Risk practice? If so do you know if they are still hiring??

like

When is busy season over for the SOX side of stuff? Please tell it doesn’t go past 12/31.

funny

I’m getting put up for manager a year early. I have PPMD ,SM, and M support. Pretty much support from all the key individuals on my team and in my service line. Since it is a year early if i don’t get promoted this round I know it’ll come mid year but I do expect a good salary increase still without the promo. If I don’t get the promo nor a salary increase that I’m okay with, how do I let my partner know that I will begin to entertain outside offers? some of which have offered the manager role.

like

If anyone is looking for a referral as an experienced hire to the PwC DAT (Digital Assurance & Transparency - formerly Risk Assurance) practice let me know and would be happy to refer you. We are actively looking to hire.

like

How do you apply design factors to IT Audits. Just overheard someone explain 'level of aggregation' for IT Security policies by describing how many people have access to it. Why is this a thing???

like
like

Has an tested roles for SAP through productive test simulation within production? Is there any risk doing this as the test is in production?

like

What’s a good out from RA? Thinking about moving away from audit/accounting

like

Are the exit opportunities better in Internal Audit/Business Process than IT Audit? All I hear is how awful IT Audit is but don’t hear as much complaining from the business side

like

How do you all keep up with trends in risk and internal audit?

like

Tried to jump to a big 4 as a senior 2 in risk assurance . SF market - offered 93k base and 15k bonus. Is this worth?

What’s the salary range for IT Audit Seniors in the Seattle market?

like

I have an interview coming up for internal audit manager. Currently in external audit. When asked about my experience in ERM - what would you say Is transferable skills that I can leverage in my answer?

like

New to Fishbowl?

Download the Fishbowl app to
unlock all discussions on Fishbowl.
That was just a preview…
Sign Up to see all discussions
  • Discover what it’s like to work at companies from real professionals
  • Get candid advice from people in your field in a safe space
  • Chat and network with other professionals in your field
Sign up in seconds to unlock all discussions on Fishbowl.

Already a user?
Login here

Share

Embed this post

Copy and paste embed code on your site

Preview

Download the
Fishbowl app

See what’s happening in your industry
from the palm of your hand.

A phone with Fishbowl app

Scan your QR code to download
Fishbowl app on your mobile

Download app

Sign up for free to view this conversation on Fishbowl

By continuing you agree to Terms of Use and Privacy Policy

Already have an account? Log in

Sign up for free to continue using Fishbowl

By continuing you agree to Terms of Use(New) and Privacy Policy(New)
Messaging rates may apply

Already have an account? Log in

For account settings, visit Fishbowl on Desktop Browser or

General

Legal